Ralf Corsepius wrote: > You are running programs in %post and %postun scriptlets. Just stick a > broken or malicious program somewhere into path, and you are breaking > the user's system. By that definition, isn't the user's system *already* broken (even before the %post/%postun)? -- Rex